Changelog

1.3.20

  Lots of changes.  Thanks to Jeff Chan for catching a memory leak and
  helping track down the endian issues with the SSRCs.

1.3.8

  This is an interim release.  Several little-endian bugs were identified
  and fixed; this means that we can use intel/linux for development again.

  Cleaned up sha1 and hmac code significantly, got rid of some excess
  functions and properly documented the fuctions in the .h files.

  Eliminated some vestigial files.

  There is a SIGBUS error in the AES encrypt function on sparc
  (observed on both solaris and openbsd) with gcc 2.95.  Was unable to
  find bad pointer anywhere, so I'm wondering if it isn't a compiler
  problem (there's a known problem whose profile it fits).  It doesn't
  appear on any other platform, even in the cipher_driver stress
  tests.

  Planned changes

  Change interface to nonces (xtd_seq_num_t) so that it uses
  network byte ordering, and is consistent with other arguments.


1.3.6 

  Changed /dev/random (in configure.in and crypto/rng/rand_source.c) to
  /dev/urandom; the latter is non-blocking on all known platforms (which 
  corrects some programs that seem to hang) and is actually present on 
  Open BSD (unlike /dev/random, which only works in the presence of 
  hardware supported random number generation).

  Added machine/types.h case in include/integers.h.

1.3.5

  Removing srtp_t::template and stream_clone().

  Adding a new policy structure, which will reflect a complete SRTP
  policy (including SRTCP).

  This version is *incomplete* and will undergo more changes.  It is
  provided only as a basis for discussion.

1.3.4

   Removed tmmh.c and tmmh.h, which implemented version one of TMMH.

   Changed srtp_get_trailer_length() to act on streams rather than
   sessions, and documented the macro SRTP_MAX_TRAILER_LEN, which should
   usually be used rather than that function.

   Removed 'salt' from cipher input. 

   Changed rdbx to use err.h error codes.

   Changed malloc() and free() to xalloc() and xfree; these functions
   are defined in crypto/kernel/alloc.c and declared in 
   include/alloc.h.

   Added 'output' functions to cipher, in addition to 'encrypt'
   functions.  It is no longer necessary to zeroize a buffer before
   encrypting in order to get keystream.

   Changed octet_string_hex_string() so that "times two" isn't needed
   in its input.

   Added crypto_kernel_init() prior to command-line parsing, so that
   kernel can be passed command-line arguments, such as "-d
   debug_module".  This was done to for the applications
   test/srtp-driver, test/kernel-driver, and test/ust-driver.

   Improved srtp_init_aes_128_prf - wrote key derivation function
   (srtp_kdf_t).

   Add the tag_len as an argument to the auth_compute() function, but
   not the corresponding macro.  This change allows the tag length for
   a given auth func to be set to different values at initialization
   time.  Previously, the structure auth_t contained the
   output_length, but that value was inaccessible from hmac_compute()
   and other functions.

   Re-named files from a-b.c to a_b.c. in order to help portability.

   Re-named rijndael to aes (or aes_128 as appropriate).


1.2.1 

  Changes so that 1.2.0 compiles on cygwin-win2k.

  Added better error reporting system.  If syslog is present on the
  OS, then it is used.


1.2.0 Many improvements and additions, and a fex fixes

   Fixed endian issues in RTP header construction in the function
   rtp_sendto() in srtp/rtp.c.

   Implemented RIJNDAEL decryption operation, adding the functions
   rijndael_decrypt() and rijndael_expand_decryption_key().  Also
   re-named rijndael_expand_key() to rijndael_expand_encryption_key()
   for consistency.

   Implemented random number source using /dev/random, in the files
   crypto/rng/rand_source.c and include/rand_source.h.

   Added index check to SEAL cipher (only values less than 2^32 are
   allowed)

   Added test case for null_auth authentication function.

   Added a timing test which tests the effect of CPU cache thrash on
   cipher throughput.  The test is done by the function
   cipher_test_throughput_array(); the function
   cipher_array_alloc_init() creates an array of ciphers for use in
   this test.  This test can be accessed by using the -a flag to
   the application cipher-driver in the test subdirectory.
 
   Added argument processing to ust-driver.c, and added that app to
   the 'runtest' target in Makefile.in.

   A minor auth_t API change: last argument of auth_init() eliminated.


1.0.6 A small but important fix

   Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero()
   after buffer allocation.

   Eliminated references to no-longer-existing variables in debugging
   code in srtp/srtp.c.  This fixes the compilation failure that
   occured when using PRINT_DEBUG in that file.

   Corrected spelling of Richard Priestley's name in credits.  Sorry
   Richard!


1.0.5 Many little fixes

   Fixed octet_string_set_to_zero(), which was writing one
   more zero octet than it should.  This bug caused srtp_protect()
   and srtp_unprotect() to overwrite the byte that followed the
   srtp packet.

   Changed sizeof(uint32_t) to srtp_get_trailer_length() in
   srtp-driver.c.  This is just defensive coding.

   Added NULL check to malloc in srtp_alloc().


1.0.4 Many minor fixes and two big ones (thanks for the bug reports!)

   Removed 'ssrc' from the srtp_init_aes_128_prf() function argument
   list.  This is so that applications which do not a priori know the
   ssrc which they will be receiving can still use libsrtp.  Now the
   SSRC value is gleaned from the rtp header and exored into the
   counter mode offset in the srtp_protect() and srtp_unprotect()
   functions, if that cipher is used.  This change cascaed through
   many other functions, including srtp_init_from_hex(),
   srtp_sender_init() and srtp_receiver_init() in rtp.c, and also
   changing the CLI to test/rtpw.  In the future, another function
   call will be added to the library that enables multiple ssrc/key
   pairs to be installed into the same srtp session, so that libsrtp
   works with multiple srtp senders.  For now, this functionality is
   lacking.

   Removed the GDOI interface to the rtpw demo program.  This will be
   added again at a later date, after the SRTP and GDOI distributions
   stabilize.  For now, I've left in the GDOI #defines and autoconf
   definitions so that they'll be in place when needed.

   Updated tmmhv2_compute() so that it didn't assume any particular
   alginment of the output tag.

   Changed bit field variables in srtp.h to unsigned char from
   unsigned int in order to avoid a potential endianness issue.

   Fixed rdbx_estimate_index() to handle all input cases.  This solves
   the now notorious "abaft" bug in the rtpw demo app on linux/intel,
   in which spurious replay protection failures happen after that word
   is received.

   Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed
   from rijndael_icm_set_segment().

   Added error checking and handling to srtp_sender_init() and
   srtp_receiver_init().

   Changed srtp_alloc() so that it does what you'd expect: allocate an
   srtp_ctx_t structure.  This hides the library internals.


1.0.1   Many minor fixes

   Added cipher_driver_buffer_test(...) to test/cipher-driver.c.  This
   function checks that the byte-buffering functions used by a cipher
   are correct.

   Fixed SunOS/Solaris build problems: added HAVE_SYS_INT_TYPES_H and
   changed index_t to xtd_seq_num_t (see include/rdbx.h).

   Fixed SEAL3.0 output byte buffering, added byte-buffering test to
   cipher/cipher-driver.c.

   Fixed roc-driver so that the non-sequential insertion test
   automatically recovers from bad estimates.  This was required to
   prevent spurious failures.

   Made rdbx_estimate_index(...) function smarter, so that initial RTP
   sequence numbers greater than 32,768 don't cause it to estimate the
   rollover counter of 0xffffffff.


1.0.0   Initial release